search

owasp-modsecurity / ModSecurity-nginx

ModSecurity v3 Nginx Connector
Apache License 2.0
1.59k stars 282 forks source link

Client's (remote) IP is logged as both source and destination in audit log #167

Closed defanator closed 4 years ago

defanator commented 5 years ago

Log example:

10.69.65.6 - "GET /?abc../ HTTP/1.1" 302 0 - "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36" 156837944484.860433 - /var/log/modsecurity/audit/20190913/20190913-0957/20190913-095724-156837944484.860433 0 2663.000000 md5:06faa89af0fbe889c27bbe9b2d9051f6
---XtkwNdGM---A--
[13/Sep/2019:09:57:24 -0300] 156837944484.860433 10.69.65.6 52327 10.69.65.6 443